bd6af4
- readded bind-9.5-libcap.patch
@@ -0,0 +1,259 @@
|
|
1
|
+
diff -up bind-9.5.0b3/bin/named/unix/os.c.libcap bind-9.5.0b3/bin/named/unix/os.c
|
2
|
+
--- bind-9.5.0b3/bin/named/unix/os.c.libcap 2008-01-30 05:55:51.000000000 +0100
|
3
|
+
+++ bind-9.5.0b3/bin/named/unix/os.c 2008-05-05 10:56:00.000000000 +0200
|
4
|
+
@@ -69,7 +69,7 @@ static int devnullfd = -1;
|
5
|
+
/*
|
6
|
+
* Linux defines:
|
7
|
+
* (T) HAVE_LINUXTHREADS
|
8
|
+
- * (C) HAVE_LINUX_CAPABILITY_H
|
9
|
+
+ * (C) HAVE_SYS_CAPABILITY_H (or HAVE_LINUX_CAPABILITY_H)
|
10
|
+
* (P) HAVE_SYS_PRCTL_H
|
11
|
+
* The possible cases are:
|
12
|
+
* none: setuid() normally
|
13
|
+
@@ -116,16 +116,9 @@ static int dfd[2] = { -1, -1 };
|
14
|
+
static isc_boolean_t non_root = ISC_FALSE;
|
15
|
+
static isc_boolean_t non_root_caps = ISC_FALSE;
|
16
|
+
|
17
|
+
-#if defined(HAVE_CAPSET)
|
18
|
+
-#undef _POSIX_SOURCE
|
19
|
+
#ifdef HAVE_SYS_CAPABILITY_H
|
20
|
+
#include <sys/capability.h>
|
21
|
+
#else
|
22
|
+
-#include <linux/capability.h>
|
23
|
+
-int capset(cap_user_header_t hdrp, const cap_user_data_t datap);
|
24
|
+
-#endif
|
25
|
+
-#include <sys/prctl.h>
|
26
|
+
-#else
|
27
|
+
/*%
|
28
|
+
* We define _LINUX_FS_H to prevent it from being included. We don't need
|
29
|
+
* anything from it, and the files it includes cause warnings with 2.2
|
30
|
+
@@ -133,9 +126,20 @@ int capset(cap_user_header_t hdrp, const
|
31
|
+
* and <string.h>) on 2.3 kernels.
|
32
|
+
*/
|
33
|
+
#define _LINUX_FS_H
|
34
|
+
-
|
35
|
+
-#include <sys/syscall.h> /* Required for syscall(). */
|
36
|
+
-#include <linux/capability.h> /* Required for _LINUX_CAPABILITY_VERSION. */
|
37
|
+
+#include <linux/capability.h>
|
38
|
+
+#ifdef HAVE_CAPSET
|
39
|
+
+int capset(cap_user_header_t hdrp, const cap_user_data_t datap);
|
40
|
+
+#else
|
41
|
+
+/* We don't have libcap or capset, let's use syscall*/
|
42
|
+
+#include <syscall.h>
|
43
|
+
+#ifndef SYS_capset
|
44
|
+
+#ifndef __NR_capset
|
45
|
+
+#include <asm/unistd.h> /* Slackware 4.0 needs this. */
|
46
|
+
+#endif /* __NR_capset */
|
47
|
+
+#define SYS_capset __NR_capset
|
48
|
+
+#endif /* SYS_capset */
|
49
|
+
+#endif /* HAVE_CAPSET */
|
50
|
+
+#endif /* HAVE_SYS_CAPABILITY_H */
|
51
|
+
|
52
|
+
#ifdef HAVE_SYS_PRCTL_H
|
53
|
+
#include <sys/prctl.h> /* Required for prctl(). */
|
54
|
+
@@ -152,23 +156,28 @@ int capset(cap_user_header_t hdrp, const
|
55
|
+
|
56
|
+
#endif /* HAVE_SYS_PRCTL_H */
|
57
|
+
|
58
|
+
-#ifndef SYS_capset
|
59
|
+
-#ifndef __NR_capset
|
60
|
+
-#include <asm/unistd.h> /* Slackware 4.0 needs this. */
|
61
|
+
-#endif
|
62
|
+
-#define SYS_capset __NR_capset
|
63
|
+
-#endif
|
64
|
+
-#endif
|
65
|
+
+#ifdef HAVE_LIBCAP
|
66
|
+
+#define SETCAPS_FUNC "cap_set_proc "
|
67
|
+
+#else
|
68
|
+
+typedef unsigned int cap_t;
|
69
|
+
+#ifdef HAVE_CAPSET
|
70
|
+
+#define SETCAPS_FUNC "capset "
|
71
|
+
+#else
|
72
|
+
+#define SETCAPS_FUNC "syscall(capset) "
|
73
|
+
+#endif /* HAVE_CAPSET */
|
74
|
+
+#endif /* HAVE_LIBCAP */
|
75
|
+
|
76
|
+
static void
|
77
|
+
-linux_setcaps(unsigned int caps) {
|
78
|
+
+linux_setcaps(cap_t caps) {
|
79
|
+
+#ifndef HAVE_LIBCAP
|
80
|
+
struct __user_cap_header_struct caphead;
|
81
|
+
struct __user_cap_data_struct cap;
|
82
|
+
+#endif
|
83
|
+
char strbuf[ISC_STRERRORSIZE];
|
84
|
+
|
85
|
+
if ((getuid() != 0 && !non_root_caps) || non_root)
|
86
|
+
return;
|
87
|
+
-
|
88
|
+
+#ifndef HAVE_LIBCAP
|
89
|
+
memset(&caphead, 0, sizeof(caphead));
|
90
|
+
caphead.version = _LINUX_CAPABILITY_VERSION;
|
91
|
+
caphead.pid = 0;
|
92
|
+
@@ -176,46 +185,76 @@ linux_setcaps(unsigned int caps) {
|
93
|
+
cap.effective = caps;
|
94
|
+
cap.permitted = caps;
|
95
|
+
cap.inheritable = 0;
|
96
|
+
-#ifdef HAVE_CAPSET
|
97
|
+
+#endif
|
98
|
+
+#ifdef HAVE_LIBCAP
|
99
|
+
+ if (cap_set_proc(caps) < 0) {
|
100
|
+
+#elif defined(HAVE_CAPSET)
|
101
|
+
if (capset(&caphead, &cap) < 0 ) {
|
102
|
+
- isc__strerror(errno, strbuf, sizeof(strbuf));
|
103
|
+
- ns_main_earlyfatal("capset failed: %s:"
|
104
|
+
- " please ensure that the capset kernel"
|
105
|
+
- " module is loaded. see insmod(8)",
|
106
|
+
- strbuf);
|
107
|
+
- }
|
108
|
+
#else
|
109
|
+
if (syscall(SYS_capset, &caphead, &cap) < 0) {
|
110
|
+
+#endif
|
111
|
+
isc__strerror(errno, strbuf, sizeof(strbuf));
|
112
|
+
- ns_main_earlyfatal("syscall(capset) failed: %s:"
|
113
|
+
+ ns_main_earlyfatal(SETCAPS_FUNC "failed: %s:"
|
114
|
+
" please ensure that the capset kernel"
|
115
|
+
" module is loaded. see insmod(8)",
|
116
|
+
strbuf);
|
117
|
+
}
|
118
|
+
-#endif
|
119
|
+
}
|
120
|
+
|
121
|
+
+#ifdef HAVE_LIBCAP
|
122
|
+
+#define SET_CAP(flag) \
|
123
|
+
+ do { \
|
124
|
+
+ capval = (flag); \
|
125
|
+
+ err = cap_set_flag(caps, CAP_EFFECTIVE, 1, &capval, CAP_SET); \
|
126
|
+
+ if (err == -1) { \
|
127
|
+
+ isc__strerror(errno, strbuf, sizeof(strbuf)); \
|
128
|
+
+ ns_main_earlyfatal("cap_set_proc failed: %s", strbuf); \
|
129
|
+
+ } \
|
130
|
+
+ \
|
131
|
+
+ err = cap_set_flag(caps, CAP_PERMITTED, 1, &capval, CAP_SET); \
|
132
|
+
+ if (err == -1) { \
|
133
|
+
+ isc__strerror(errno, strbuf, sizeof(strbuf)); \
|
134
|
+
+ ns_main_earlyfatal("cap_set_proc failed: %s", strbuf); \
|
135
|
+
+ } \
|
136
|
+
+ } while (0)
|
137
|
+
+#define INIT_CAP \
|
138
|
+
+ do { \
|
139
|
+
+ caps = cap_init(); \
|
140
|
+
+ if (caps == NULL) { \
|
141
|
+
+ isc__strerror(errno, strbuf, sizeof(strbuf)); \
|
142
|
+
+ ns_main_earlyfatal("cap_init failed: %s", strbuf); \
|
143
|
+
+ } \
|
144
|
+
+ } while (0)
|
145
|
+
+#else
|
146
|
+
+#define SET_CAP(flag) { caps |= (1 << (flag)); }
|
147
|
+
+#define INIT_CAP { caps = 0; }
|
148
|
+
+#endif /* HAVE_LIBCAP */
|
149
|
+
+
|
150
|
+
static void
|
151
|
+
linux_initialprivs(void) {
|
152
|
+
- unsigned int caps;
|
153
|
+
+ cap_t caps;
|
154
|
+
+#ifdef HAVE_LIBCAP
|
155
|
+
+ cap_value_t capval;
|
156
|
+
+ char strbuf[ISC_STRERRORSIZE];
|
157
|
+
+ int err;
|
158
|
+
+#endif
|
159
|
+
|
160
|
+
/*%
|
161
|
+
* We don't need most privileges, so we drop them right away.
|
162
|
+
* Later on linux_minprivs() will be called, which will drop our
|
163
|
+
* capabilities to the minimum needed to run the server.
|
164
|
+
*/
|
165
|
+
-
|
166
|
+
- caps = 0;
|
167
|
+
+ INIT_CAP;
|
168
|
+
|
169
|
+
/*
|
170
|
+
* We need to be able to bind() to privileged ports, notably port 53!
|
171
|
+
*/
|
172
|
+
- caps |= (1 << CAP_NET_BIND_SERVICE);
|
173
|
+
+ SET_CAP(CAP_NET_BIND_SERVICE);
|
174
|
+
|
175
|
+
/*
|
176
|
+
* We need chroot() initially too.
|
177
|
+
*/
|
178
|
+
- caps |= (1 << CAP_SYS_CHROOT);
|
179
|
+
+ SET_CAP(CAP_SYS_CHROOT);
|
180
|
+
|
181
|
+
#if defined(HAVE_SYS_PRCTL_H) || !defined(HAVE_LINUXTHREADS)
|
182
|
+
/*
|
183
|
+
@@ -224,19 +263,19 @@ linux_initialprivs(void) {
|
184
|
+
* tried) or we're not using threads. If either of these is
|
185
|
+
* true, we want the setuid capability.
|
186
|
+
*/
|
187
|
+
- caps |= (1 << CAP_SETUID);
|
188
|
+
+ SET_CAP(CAP_SETUID);
|
189
|
+
#endif
|
190
|
+
|
191
|
+
/*
|
192
|
+
* Since we call initgroups, we need this.
|
193
|
+
*/
|
194
|
+
- caps |= (1 << CAP_SETGID);
|
195
|
+
+ SET_CAP(CAP_SETGID);
|
196
|
+
|
197
|
+
/*
|
198
|
+
* Without this, we run into problems reading a configuration file
|
199
|
+
* owned by a non-root user and non-world-readable on startup.
|
200
|
+
*/
|
201
|
+
- caps |= (1 << CAP_DAC_READ_SEARCH);
|
202
|
+
+ SET_CAP(CAP_DAC_READ_SEARCH);
|
203
|
+
|
204
|
+
/*
|
205
|
+
* XXX We might want to add CAP_SYS_RESOURCE, though it's not
|
206
|
+
@@ -245,15 +284,21 @@ linux_initialprivs(void) {
|
207
|
+
* of files, the stack size, data size, and core dump size to
|
208
|
+
* support named.conf options, this is now being added to test.
|
209
|
+
*/
|
210
|
+
- caps |= (1 << CAP_SYS_RESOURCE);
|
211
|
+
+ SET_CAP(CAP_SYS_RESOURCE);
|
212
|
+
|
213
|
+
linux_setcaps(caps);
|
214
|
+
}
|
215
|
+
|
216
|
+
static void
|
217
|
+
linux_minprivs(void) {
|
218
|
+
- unsigned int caps;
|
219
|
+
+ cap_t caps;
|
220
|
+
+#ifdef HAVE_LIBCAP
|
221
|
+
+ cap_value_t capval;
|
222
|
+
+ char strbuf[ISC_STRERRORSIZE];
|
223
|
+
+ int err;
|
224
|
+
+#endif
|
225
|
+
|
226
|
+
+ INIT_CAP;
|
227
|
+
/*%
|
228
|
+
* Drop all privileges except the ability to bind() to privileged
|
229
|
+
* ports.
|
230
|
+
@@ -262,8 +307,7 @@ linux_minprivs(void) {
|
231
|
+
* chroot() could be used to escape from the chrooted area.
|
232
|
+
*/
|
233
|
+
|
234
|
+
- caps = 0;
|
235
|
+
- caps |= (1 << CAP_NET_BIND_SERVICE);
|
236
|
+
+ SET_CAP(CAP_NET_BIND_SERVICE);
|
237
|
+
|
238
|
+
/*
|
239
|
+
* XXX We might want to add CAP_SYS_RESOURCE, though it's not
|
240
|
+
@@ -272,7 +316,7 @@ linux_minprivs(void) {
|
241
|
+
* of files, the stack size, data size, and core dump size to
|
242
|
+
* support named.conf options, this is now being added to test.
|
243
|
+
*/
|
244
|
+
- caps |= (1 << CAP_SYS_RESOURCE);
|
245
|
+
+ SET_CAP(CAP_SYS_RESOURCE);
|
246
|
+
|
247
|
+
linux_setcaps(caps);
|
248
|
+
}
|
249
|
+
diff -up bind-9.5.0b3/configure.in.libcap bind-9.5.0b3/configure.in
|
250
|
+
--- bind-9.5.0b3/configure.in.libcap 2008-01-30 05:55:51.000000000 +0100
|
251
|
+
+++ bind-9.5.0b3/configure.in 2008-05-05 10:53:11.000000000 +0200
|
252
|
+
@@ -1876,6 +1876,7 @@ AC_ARG_ENABLE(linux-caps,
|
253
|
+
case "$enable_linux_caps" in
|
254
|
+
yes|'')
|
255
|
+
AC_CHECK_HEADERS(linux/capability.h sys/capability.h)
|
256
|
+
+ AC_CHECK_LIB(cap, cap_set_proc)
|
257
|
+
AC_CHECK_FUNCS(capset)
|
258
|
+
;;
|
259
|
+
no)
|
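Review bot: In the HAVE_LIBCAP branch the `cap_t` obtained from `cap_init()` in `INIT_CAP` is never released: `linux_initialprivs()` and `linux_minprivs()` both end at `linux_setcaps(caps);`, and `linux_setcaps()` can return early before `cap_set_proc()`, so no visible path calls `cap_free()`. A matching `#define FREE_CAP cap_free(caps)` (empty in the non-libcap branch), used after each `linux_setcaps(caps);`, would close that. The two `ns_main_earlyfatal("cap_set_proc failed: %s", strbuf)` calls inside `SET_CAP` name the wrong function, since the failing call there is `cap_set_flag`; on the privilege-drop path an accurate message matters when diagnosing why named kept or lost a capability, so use `ns_main_earlyfatal("cap_set_flag failed: %s", strbuf);`. Separately, `typedef unsigned int cap_t;` is emitted whenever HAVE_LIBCAP is unset, including when `<sys/capability.h>` was included. That header normally declares its own `cap_t`, so a host with the header but no linkable libcap would likely fail to compile; guarding the typedef on `!HAVE_SYS_CAPABILITY_H` or using a private type name would avoid that.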
@@ -0,0 +1,172 @@
|
|
1
|
+
diff -up bind-9.5.0b2/lib/isc/unix/socket.c.recv bind-9.5.0b2/lib/isc/unix/socket.c
|
2
|
+
--- bind-9.5.0b2/lib/isc/unix/socket.c.recv 2008-04-10 16:45:33.000000000 +0200
|
3
|
+
+++ bind-9.5.0b2/lib/isc/unix/socket.c 2008-04-10 17:00:46.000000000 +0200
|
4
|
+
@@ -261,10 +261,10 @@ static isc_result_t allocate_socket(isc_
|
5
|
+
static void destroy(isc_socket_t **);
|
6
|
+
static void internal_accept(isc_task_t *, isc_event_t *);
|
7
|
+
static void internal_connect(isc_task_t *, isc_event_t *);
|
8
|
+
-static void internal_recv(isc_task_t *, isc_event_t *);
|
9
|
+
+static void internal_recv(isc_event_t *);
|
10
|
+
static void internal_send(isc_task_t *, isc_event_t *);
|
11
|
+
static void internal_fdwatch_write(isc_task_t *, isc_event_t *);
|
12
|
+
-static void internal_fdwatch_read(isc_task_t *, isc_event_t *);
|
13
|
+
+static void internal_fdwatch_read(isc_event_t *);
|
14
|
+
static void process_cmsg(isc_socket_t *, struct msghdr *, isc_socketevent_t *);
|
15
|
+
static void build_msghdr_send(isc_socket_t *, isc_socketevent_t *,
|
16
|
+
struct msghdr *, struct iovec *, size_t *);
|
17
|
+
@@ -1830,7 +1830,7 @@ isc_socket_detach(isc_socket_t **socketp
|
18
|
+
*
|
19
|
+
* The socket and manager must be locked before calling this function.
|
20
|
+
*/
|
21
|
+
-static void
|
22
|
+
+static isc_boolean_t
|
23
|
+
dispatch_recv(isc_socket_t *sock) {
|
24
|
+
intev_t *iev;
|
25
|
+
isc_socketevent_t *ev;
|
26
|
+
@@ -1841,7 +1841,7 @@ dispatch_recv(isc_socket_t *sock) {
|
27
|
+
if (sock->type != isc_sockettype_fdwatch) {
|
28
|
+
ev = ISC_LIST_HEAD(sock->recv_list);
|
29
|
+
if (ev == NULL)
|
30
|
+
- return;
|
31
|
+
+ return ISC_FALSE;
|
32
|
+
socket_log(sock, NULL, EVENT, NULL, 0, 0,
|
33
|
+
"dispatch_recv: event %p -> task %p",
|
34
|
+
ev, ev->ev_sender);
|
35
|
+
@@ -1855,13 +1855,16 @@ dispatch_recv(isc_socket_t *sock) {
|
36
|
+
|
37
|
+
sock->references++;
|
38
|
+
iev->ev_sender = sock;
|
39
|
+
+ iev->ev_arg = sock;
|
40
|
+
if (sock->type == isc_sockettype_fdwatch)
|
41
|
+
- iev->ev_action = internal_fdwatch_read;
|
42
|
+
+ internal_fdwatch_read (iev);
|
43
|
+
else
|
44
|
+
- iev->ev_action = internal_recv;
|
45
|
+
- iev->ev_arg = sock;
|
46
|
+
+ internal_recv (iev);
|
47
|
+
|
48
|
+
- isc_task_send(sender, (isc_event_t **)&iev);
|
49
|
+
+ if (sock->references == 0)
|
50
|
+
+ return ISC_TRUE;
|
51
|
+
+
|
52
|
+
+ return ISC_FALSE;
|
53
|
+
}
|
54
|
+
|
55
|
+
static void
|
56
|
+
@@ -2228,7 +2231,7 @@ internal_accept(isc_task_t *me, isc_even
|
57
|
+
}
|
58
|
+
|
59
|
+
static void
|
60
|
+
-internal_recv(isc_task_t *me, isc_event_t *ev) {
|
61
|
+
+internal_recv(isc_event_t *ev) {
|
62
|
+
isc_socketevent_t *dev;
|
63
|
+
isc_socket_t *sock;
|
64
|
+
|
65
|
+
@@ -2237,21 +2240,13 @@ internal_recv(isc_task_t *me, isc_event_
|
66
|
+
sock = ev->ev_sender;
|
67
|
+
INSIST(VALID_SOCKET(sock));
|
68
|
+
|
69
|
+
- LOCK(&sock->lock);
|
70
|
+
- socket_log(sock, NULL, IOEVENT,
|
71
|
+
- isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_INTERNALRECV,
|
72
|
+
- "internal_recv: task %p got event %p", me, ev);
|
73
|
+
-
|
74
|
+
INSIST(sock->pending_recv == 1);
|
75
|
+
sock->pending_recv = 0;
|
76
|
+
|
77
|
+
INSIST(sock->references > 0);
|
78
|
+
sock->references--; /* the internal event is done with this socket */
|
79
|
+
- if (sock->references == 0) {
|
80
|
+
- UNLOCK(&sock->lock);
|
81
|
+
- destroy(&sock);
|
82
|
+
+ if (sock->references == 0)
|
83
|
+
return;
|
84
|
+
- }
|
85
|
+
|
86
|
+
/*
|
87
|
+
* Try to do as much I/O as possible on this socket. There are no
|
88
|
+
@@ -2289,7 +2284,6 @@ internal_recv(isc_task_t *me, isc_event_
|
89
|
+
if (!ISC_LIST_EMPTY(sock->recv_list))
|
90
|
+
select_poke(sock->manager, sock->fd, SELECT_POKE_READ);
|
91
|
+
|
92
|
+
- UNLOCK(&sock->lock);
|
93
|
+
}
|
94
|
+
|
95
|
+
static void
|
96
|
+
@@ -2388,7 +2382,7 @@ internal_fdwatch_write(isc_task_t *me, i
|
97
|
+
}
|
98
|
+
|
99
|
+
static void
|
100
|
+
-internal_fdwatch_read(isc_task_t *me, isc_event_t *ev) {
|
101
|
+
+internal_fdwatch_read(isc_event_t *ev) {
|
102
|
+
isc_socket_t *sock;
|
103
|
+
int more_data;
|
104
|
+
|
105
|
+
@@ -2400,31 +2394,19 @@ internal_fdwatch_read(isc_task_t *me, is
|
106
|
+
sock = (isc_socket_t *)ev->ev_sender;
|
107
|
+
INSIST(VALID_SOCKET(sock));
|
108
|
+
|
109
|
+
- LOCK(&sock->lock);
|
110
|
+
- socket_log(sock, NULL, IOEVENT,
|
111
|
+
- isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_INTERNALRECV,
|
112
|
+
- "internal_fdwatch_read: task %p got event %p", me, ev);
|
113
|
+
-
|
114
|
+
INSIST(sock->pending_recv == 1);
|
115
|
+
|
116
|
+
- UNLOCK(&sock->lock);
|
117
|
+
- more_data = (sock->fdwatchcb)(me, sock, sock->fdwatcharg);
|
118
|
+
- LOCK(&sock->lock);
|
119
|
+
+ INSIST(0); /* We should not be here */
|
120
|
+
|
121
|
+
sock->pending_recv = 0;
|
122
|
+
|
123
|
+
INSIST(sock->references > 0);
|
124
|
+
sock->references--; /* the internal event is done with this socket */
|
125
|
+
- if (sock->references == 0) {
|
126
|
+
- UNLOCK(&sock->lock);
|
127
|
+
- destroy(&sock);
|
128
|
+
+ if (sock->references == 0)
|
129
|
+
return;
|
130
|
+
- }
|
131
|
+
|
132
|
+
if (more_data)
|
133
|
+
select_poke(sock->manager, sock->fd, SELECT_POKE_READ);
|
134
|
+
-
|
135
|
+
- UNLOCK(&sock->lock);
|
136
|
+
}
|
137
|
+
|
138
|
+
static void
|
139
|
+
@@ -2434,6 +2416,7 @@ process_fds(isc_socketmgr_t *manager, in
|
140
|
+
int i;
|
141
|
+
isc_socket_t *sock;
|
142
|
+
isc_boolean_t unlock_sock;
|
143
|
+
+ isc_boolean_t destroy_sock;
|
144
|
+
|
145
|
+
REQUIRE(maxfd <= (int)FD_SETSIZE);
|
146
|
+
|
147
|
+
@@ -2462,6 +2445,7 @@ process_fds(isc_socketmgr_t *manager, in
|
148
|
+
|
149
|
+
sock = manager->fds[i];
|
150
|
+
unlock_sock = ISC_FALSE;
|
151
|
+
+ destroy_sock = ISC_FALSE;
|
152
|
+
if (FD_ISSET(i, readfds)) {
|
153
|
+
if (sock == NULL) {
|
154
|
+
FD_CLR(i, &manager->read_fds);
|
155
|
+
@@ -2473,7 +2457,7 @@ process_fds(isc_socketmgr_t *manager, in
|
156
|
+
if (sock->listener)
|
157
|
+
dispatch_accept(sock);
|
158
|
+
else
|
159
|
+
- dispatch_recv(sock);
|
160
|
+
+ destroy_sock = dispatch_recv(sock);
|
161
|
+
}
|
162
|
+
FD_CLR(i, &manager->read_fds);
|
163
|
+
}
|
164
|
+
@@ -2497,6 +2481,8 @@ process_fds(isc_socketmgr_t *manager, in
|
165
|
+
}
|
166
|
+
if (unlock_sock)
|
167
|
+
UNLOCK(&sock->lock);
|
168
|
+
+ if (destroy_sock)
|
169
|
+
+ destroy(&sock);
|
170
|
+
}
|
171
|
+
}
|
172
|
+
|
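Review bot: `internal_fdwatch_read()` now opens with `INSIST(0); /* We should not be here */`, but `dispatch_recv()` still calls it directly whenever `sock->type == isc_sockettype_fdwatch`, so a readable fdwatch socket would abort named on an assertion instead of running its callback. The removed line `more_data = (sock->fdwatchcb)(me, sock, sock->fdwatcharg);` was also the only assignment to `more_data` in the visible lines, so the later `if (more_data)` reads an uninitialised value if the assertion is ever compiled to continue. If fdwatch sockets are really unsupported in this build, rejecting them where they are created and saying so in a comment is safer than an assertion on the I/O path; otherwise the fdwatch branch should keep the task-dispatched path (`iev->ev_action = internal_fdwatch_read; isc_task_send(sender, (isc_event_t **)&iev);`) with the callback invoked outside the socket lock as before. Parts of `dispatch_recv()`, `internal_fdwatch_read()` and `process_fds()` lie between the hunks and are not shown, so whether `process_fds()` still touches `sock` for the write set after `dispatch_recv()` has dropped the last reference should be checked against the full file.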
@@ -18,7 +18,7 @@ Summary: The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) serv
|
|
18
18
|
Name: bind
|
19
19
|
License: ISC
|
20
20
|
Version: 9.5.0
|
21
|
-
Release:
|
21
|
+
Release: 31.%{RELEASEVER}%{dist}
|
22
22
|
Epoch: 32
|
23
23
|
Url: http://www.isc.org/products/BIND/
|
24
24
|
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
@@ -57,6 +57,8 @@ Patch63: bind-9.4.0-dnssec-directory.patch
|
|
57
57
|
Patch71: bind-9.5-overflow.patch
|
58
58
|
Patch72: bind-9.5-dlz-64bit.patch
|
59
59
|
Patch87: bind-9.5-parallel-build.patch
|
60
|
+
Patch88: bind-9.5-libcap.patch
|
61
|
+
Patch89: bind-9.5-recv-race.patch
|
60
62
|
|
61
63
|
# SDB patches
|
62
64
|
Patch11: bind-9.3.2b2-sdbsrc.patch
|
@@ -179,6 +181,7 @@ Based on the code from Jan "Yenya" Kasprzak <kas@fi.muni.cz>
|
|
179
181
|
%patch5 -p1 -b .nonexec
|
180
182
|
%patch10 -p1 -b .PIE
|
181
183
|
%patch16 -p1 -b .redhat_doc
|
184
|
+
%patch88 -p1 -b .libcap
|
182
185
|
%if %{SDB}
|
183
186
|
mkdir bin/named-sdb
|
184
187
|
cp -r bin/named/* bin/named-sdb
|
@@ -235,6 +238,7 @@ cp -fp contrib/dbus/{dbus_mgr.h,dbus_service.h} bin/named/include/named
|
|
235
238
|
%patch83 -p1 -b .libidn2
|
236
239
|
%patch85 -p1 -b .libidn3
|
237
240
|
%patch87 -p1 -b .parallel
|
241
|
+
%patch89 -p1 -b .recv-race
|
238
242
|
:;
|
239
243
|
|
240
244
|
|
@@ -243,7 +247,7 @@ export CFLAGS="$CFLAGS $RPM_OPT_FLAGS -O0"
|
|
243
247
|
export CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"
|
244
248
|
export STD_CDEFINES="$CPPFLAGS"
|
245
249
|
|
246
|
-
libtoolize -c -f; aclocal --force; autoconf -f
|
250
|
+
libtoolize -c -f; aclocal --force; autoheader -f; autoconf -f
|
247
251
|
|
248
252
|
%if %{WITH_DBUS}
|
249
253
|
%ifarch s390x x86_64 ppc64
|
@@ -641,6 +645,10 @@ rm -rf ${RPM_BUILD_ROOT}
|
|
641
645
|
%{_sbindir}/bind-chroot-admin
|
642
646
|
|
643
647
|
%changelog
|
648
|
+
* Mon May 05 2008 Adam Tkac <atkac redhat com> 32:9.5.0-31.b3
|
649
|
+
- readded bind-9.5-libcap.patch
|
650
|
+
- added bind-9.5-recv-race.patch from F8 branch (#400461)
|
651
|
+
|
644
652
|
* Wed Apr 23 2008 Adam Tkac <atkac redhat com> 32:9.5.0-30.1.b3
|
645
653
|
- build Berkeley DB DLZ backend
|
646
654
|
|